1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Administrator’s Guide (Compute)
    5. Install
    6. Install Defender
    7. Install a single Container Defender

    Install a single Container Defender

    Install Container Defender on each host that you want Prisma Cloud to protect.
    Single Container Defenders can be configured in the Console UI, and then deployed with a curl-bash script. Alternatively, you can use twistcli to configure and deploy Defender directly on a host.

    Install a single Container Defender (Console UI)

    Configure how a single Container Defender will be installed, and then install it with the resulting curl-bash script.
    Prerequisites
    :
    • Your system meets all minimum system requirements.
    • Console can be accessed over the network from the host where you want to install Defender.
    • You have sudo access to the host where Defender will be installed.
    1. Verify that the host machine where you install Defender can connect to Console.
      Copy the path to Console from
      Manage > System > Utilities
      .
      $ curl -sk -D - https://<CONSOLE_IP_ADDRESS>/api/v1/_ping
      If curl returns an HTTP response status code of 200, you have connectivity to Console.
    2. Log into Console.
    3. Go to
      Manage > Defenders > Deploy
      .
      1. In the first drop-down menu (2), select the way Defender connects to Console.
        A list of IP addresses and hostnames are pre-populated in the drop-down list. If none of the items are valid, go to
        Manage > Defenders > Names
        , and add a new Subject Alternative Name (SAN) to Console’s certificate. After adding a SAN, your IP address or hostname will be available in the drop-down list.
        Selecting an IP address in a evaluation setup is acceptable, but using a DNS name is more resilient. If you select Console’s IP address, and Console’s IP address changes, your Defenders will no longer be able to communicate with Console.
      2. (Optional) Set a proxy (3) for the Defender to use for the communication with the Console.
      3. (Optional) Set a custom communication port (4) for the Defender to use.
      4. (Optional) Set
        Assign globally unique names to Hosts
         to
        ON
         when you have multiple hosts that can have the same hostname.
        After setting the toggle to
        ON
        , Prisma Cloud appends a unique identifier, such as ResourceId, to the host’s DNS name. For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d.
      5. In the second drop-down list (5), select the Defender type. Both Linux and Windows platforms are supported.
      6. In the third drop-down list (6), leave the listener type set to
        None
        .
      7. In the final field (7), copy the install command, which is generated according to the options you selected.
    4. On the host where you want to install Defender, paste the command into a shell window, and run it.

    Install a single Container Defender (twistcli)

    Use twistcli to install a single Container Defender on a Linux host.
    Prerequisites
    :
    • Your system meets all minimum system requirements.
    • Console can be accessed over the network from the host where you want to install Defender.
    • You have sudo access to the host where Defender will be installed.
    • You’ve created a service account with the Defender Manager role. twistcl uses the service account to access Console.
    1. Verify that the host machine where you install Defender can connect to Console.
      Copy the path to Console from
      Manage > System > Utilities
      .
      $ curl -sk -D - https://<CONSOLE>/api/v1/_ping
      If curl returns an HTTP response status code of 200, you have connectivity to Console.
    2. SSH to the host where you want to install Defender.
    3. Download twistcli.
      $ curl -k \
  -u <USER> \
  -L \
  -o twistcli \
  https://<CONSOLE>/api/v1/util/twistcli
    4. Make the twistcli binary executable.
      $ chmod a+x ./twistcli
    5. Install Defender.
      $ sudo ./twistcli defender install standalone container-linux \
  --address https://<CONSOLE> \
  --user <USER>
    6. Verify Defender was installed correctly.
      $ sudo docker ps
CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS         PORTS     NAMES
677c9883c4b6   twistlock/private:defender_21_04_333   "/usr/local/bin/defe…"   11 seconds ago   Up 10 seconds            twistlock_defender_21_04_333

    Verify the install

    Verify that Defender is installed and connected to Console.
    Defender can be deployed and run with full functionality when dockerd is configured with SELinux enabled (--selinux-enabled=true). All features will work normally and without any additional configuration steps required. Prisma Cloud automatically detects the SELinux configuration on a per-host basis and self-configures itself as needed. No action is needed from the user.
    1. In Console, go to
      Manage > Defenders > Manage
      .
      Your new Defender should be listed in the table, and the status box should be green and checked.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo